Register of the Provisions No. 229 dated May 08, 2014
Herein we wish to inform you with transparency about the operation on this website (hereinafter referred to as the "Site") of the so-called cookies.
Definition of "cookies"
Cookies are small text files sent from the Site to the computer device of the concerned party (usually through the browser), where they are stored and then re-sent to the Site on occasion of the subsequent visit by the user. A cookie cannot record any other data from the user's hard drive, nor send IT viruses or acquire email addresses. Each cookie is unique for the user's web browser. Some of the cookie functions may be assigned to other technologies. The term 'cookie' refers to cookies and all similar technologies.
Purpose of processing of session technical cookies
Pursuant to article 122, paragraph 1, of the Privacy Code (in the version in force as a result of the entry into force of Legislative Decree 69/2012) "technical" cookies can be used even without the consent of the concerned party.
Therefore, the Data Controller wishes to inform, first of all, that on the Site there are technical cookies needed in order to browse the Site as they allow essential functions such as authentication, validation, management of a browsing session and fraud prevention and make it possible, for example, to identify whether the user had regular access to the areas of the Site that require prior authentication or user validation and management of sessions concerning the various services and applications or the storing of data for secure access or the functions of control and fraud prevention.
To ensure maximum transparency, a series of technical cookies used and
their specific function with in the website are detailed below:
• cookies that are directly installed in the computer device of the user/client (which will not be used for further purposes) such as session cookies used to "fill the shopping cart" when booking online on the Site, authentication cookies, cookies for multimedia contents such as Flash players that do not exceed the duration of the session, customization cookies (for example, for the choice of the browsing language, ID and complete password automatic fill-out by typing the first characters, etc.);
• cookies used to statistically analyze accesses/visits to the site (so-called "analytics" cookies) which are used exclusively for statistical purposes (and not for profiling or marketing) and collect information in aggregated form without any possibility of identifying the individual user. In these cases, since the current legislation requires that for analytics cookies the concerned party is provided with a clear and adequate indication of simple ways to oppose their installation (opt-out) (including any mechanism of anonymization of cookies), we specify that it is possible to deactivate Google analytics as follows: open your browser, select the setting menu, click on INTERNET options, open the privacy tab and choose the desired level of cookie authorization. If it is desired to delete cookies already stored in memory, simply open the security tab and delete the history by ticking off the "delete cookies" box.
Purpose of processing cookies for marketing research.
In addition to technical cookies, we would like to inform you that the Data Controller also uses other cookies on this Site (deriving from specific services provided by companies operating in the sector) which cannot be qualified as "technical cookies" and which are used to analyze habits for marketing purposes.
Below, for each cookie operating on our Site, we report the information on the type of cookies used through the services of third party providers, their purpose, storage period, third parties storing the information and accessing it:
Third Parties that store and access information about the user collected through cookies
- Google Inc, for statistical analysis and reporting.
- Facebook Inc, for profiling
Pursuant to the General Provision of the Data Protection Authority “Consent to the processing of personal data for direct marketing purposes through traditional and automated communication means" occurs as follows:
1. any consent provided for participation to commercial and promotional communications on the basis of art. 130, paragraphs 1 and 2, of the Code and art. 22 of the EU Regulation 679/16 (that is through the use of email, fax, sms, mms, automated systems without operator intervention and similar, including electronic platforms and other telematic means) will require receipt of said communications not only through said automated contact methods, but also through traditional means, such as snail mail or telephone calls through an operator;
2. The right of the concerned party to oppose the processing of personal data for direct marketing purposes through the aforementioned automated contact methods shall automatically extended in any case to traditional ones, and even in said case, without prejudice to the possibility to exercise the right as established in article 7, paragraph 4, of article 21 of the EU Regulation of the Code both in terms of specific means and specific data processing;
3. the concerned party who does not wish to provide consent according to the terms specified above, may specify the preference of receiving communications for the aforementioned marketing purposes exclusively through traditional contact methods whenever applicable: said preference can be exercised free of charge by emailing us to RDP@castelfalfi.it
In order to meet the privacy obligations of the Data Controller in full respect of the principles of simplification of said obligations and pursuant to the General Provision of the Data Protection Authority titled “Consent to the processing of personal data for direct marketing purposes through traditional and automated communication means”, we would like to inform you that the specific consent will be individual as well as inclusive and will make reference to all the possible marketing means, pursuant to articles 23 and 130 of the Privacy Code, as well as to article 7 of the European Regulation 679/16, without prejudice to the possibility of the concerned party to inform the Company, by writing to the email address RDP@castelfalfi.it about any objection regarding the use of specific means respect to others for receiving marketing communications upon the provision of consent. In addition, also for the purpose of meeting the privacy obligations of the Data Controller in full respect of the principles of simplification of said obligations, we would also like to inform you that the specific consent will be individual as well as inclusive and will also refer to all the different and possible marketing purposes herein detailed (without repeating the consent requests for each marketing purpose pursued by the Data Controller), without prejudice to the right of the concerned party to notify, even at a later date, to the Company a different selection preference regarding consent or non-consent for each marketing purposes.
To proceed with the Processing for Marketing Purposes, it is necessary to acquire a specific consent, which is specific, separate, expressed, documented, advanced, informed, free and fully optional.
Consequently, wherever the concerned party wishes to provide said consent, he/she must be
informed in advance and made aware that the purposes of the processing are of a specific commercial, advertising, promotional and marketing nature in the general sense. Therefore, under the flag of full transparency, we would like to inform you that your data will be collected and subsequently processed on the basis of a specific provision of consent:
1. to send to the subjects that have provided aware consent, advertising and
information material (e.g. Newsletters), promotional material or material, in any case, of a soliciting
commercial nature, pursuant to article 23 and 130 of the privacy code; and art 7 of the European Regulation
2. to carry out direct sales activities or activities promoting products or services of the Company;
3. to send commercial information; perform interactive commercial communications also pursuant to article 58 of the Law Decree 206/2005 through the use of email;
4. to process analyses, researches, and market statistics;
5. to send commercial communications for which the European Regulation requires explicit consent
With reference to the forwarding of Newsletters via email to which you may provide your consent, we would also like to inform you that the electronic contents of said promotional communications may be supported by the use of software (such as cookies or web beacons) that may make the Company become aware of a series of parameters such as, for example: time of opening of the Newsletter, pages viewed of the Newsletter, links clicked inside the Newsletter, links to websites of the Company directly through the Newsletter. These parameters, which will not profile the recipient, aim at making available to the Company
statistical data regarding the booking of services generated through various sources.
Thus, by providing consent to this optional processing, the concerned party specifically acknowledges and authorizes said additional and potential secondary processing.
In any case, even wherever the concerned party has provided consent to authorize the Data Controller to the processing of the data to pursue all the purposes listed in the points from 1 to 5 above, he/she will remain free at any time to revoke such consent by sending, without any need for formalities, a clear notification to that end to the Company to the email address: RDP@castelfalfi.it
Upon receipt of said opt-out request, the Company will promptly remove and delete the data from its database used for Data Processing for Marketing purposes and inform any third-party of said revocation of consent so as they may also delete the data of the user, if said data were disclosed to them. Receipt of the request for deletion of the data will be automatically valid as confirmation of occurred cancellation.
Notification and dissemination of personal data collected through cookies during the data processing for Marketing purposes.
For the same purposes as those listed in point 1 through 5 of the previous section, the Data Controller would like to inform you that the data may disclose to commercial third parties (Third Parties). Consent provided for the Data Processing for Marketing purposes to the Company in the role of Data Controller - whenever provided by the concerned party - does not include the other and additional data processing for marketing purposes represented by the disclosure to third parties for the same purpose. In order to disclose the data to external parties, it is mandatory to acquire
from the concerned party and additional, separate, added, documented, expressed and full optional consent.
As it is indeed clarified by the Provision issued by the Italian Data Protection Authority detailing the Guidelines to fight Spam:
3. the data controller must acquire a specific consent for the disclosure (and/or transfer) to third parties of the personal data for promotional purposes, as well as a separate one from the consent required by the Data Controller to carry out its own promotional activity;
4. if the concerned party provides the aforementioned consent for disclosure to third parties, the latter may carry out promotional activities through the automated methods referred to in art. 130, paragraphs 1 and 2 of the Privacy Code, and Article 22 of the EU REGULATION 679/16 without having to acquire a new consent for promotional purposes.
Pursuant to the Provision issued by the Italian Data Protection Authority containing the Guidelines to fight Spam, the third parties recipients of the personal data of the concerned parties for the subsequent Data Processing for Marketing Purposes can be identified with reference to the following commodity or financial categories: publishing, suppliers of electronic communication products and services, Internet service providers, communications agencies, insurance and financial services companies, food and beverage companies, clothing, ICT hardware and software companies, banks and credit institutions, travel agencies, tourism services companies, companies offering personal services and goods, including health products and services, as well as companies providing energy and gas products and services.
The Personal data will be disseminated.
Methods of providing consent.
The Data controller uses the service of third parties (mentioned above)
The link to use the service is http://www.youronlinechoices.com/it/le-tue-scelte.
Cookies may also be deleted by deleting the contents of the "cookies" folder used by browser. Each browser has a different procedure for the management of cookies. Below is a link to the specific instructions for the most popular browsers:
Internet Explorer: http://windows.microsoft.com/it-it/internet-explorer/delete-manage-cookies#ie=ie-11
Google Chrome: https://support.google.com/accounts/answer/61416?hl=it
Apple Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT
Mozilla Firefox: https://support.mozilla.org/it/kb/Attivare%20e%20disattivare%20i%20cookie
Disabling cookiees in Flash:
Please note that if the user completely disables cookies in his/her browser, he/she may not be able to use all of the interactive features available on the website.
Third Party Cookies
While browsing the Site, the user may also receive on its computer device cookies from different websites or different web servers (so-called "third party" cookies): this happens because the Site may contain elements such as, for example, images, maps, sounds, specific links to web pages of other domains that are located on servers other than the one on which the requested page is located. In other words, these cookies are set directly by the website managers or servers other than the one of the Site.
Precisely for the sake of the transparency of information called for by the operators of the "first part site" (i.e. the Site as managed by the Data Controller) where "third party cookies" operate, we would like to inform you that the following third party cookies are used on the Site:
The services contained in this section allow the Data Controller to monitor and analyze traffic data and are used to monitor User behavior.
- Google Analytics (Google Inc.)
Google Analytics is a web analysis service provided by Google, Inc. (“Google”). Google uses the Personal Data collected for the purpose of tracking and analyzing the use of this App, drawing up reports and sharing them with other services developed by Google.
Google may use the Personal Data to contextualize and customize the advertisements of its advertising network.
Personal data collected: Cookies and Usage Information.
Interaction with external social networks and platforms
These services make it possible to interact with social networks, or other external platforms, directly from the pages of this App.
The interactions and information acquired by this App are in any case subjected to the User's privacy settings set for each social network.
If a service is installed that interacts with social networks, it is possible that, even if Users do not use the service, it collects traffic data related to the pages on which it is installed.
- Like button and social network widgets by Facebook (Facebook, Inc.)
The "Like" button and Facebook social widgets are interaction tools with the Facebook social network, provided by Facebook, Inc.
Personal data collected: Cookies and Usage Information.
Re-marketing and Behavioral Targeting
These services enable this App and its partners to communicate, optimize and provide advertisements based on the past use of this App by the User.
Facebook Remarketing (Facebook, Inc.)
Facebook Remarketing is a Remarketing and Behavioral Targeting service provided by Facebook, Inc. which links the activity of this App to the Facebook advertising network.
Personal data collected: Cookies and Usage Information.
Content viewing from External Platforms
These services make it possible to view contents hosted on external platforms directly from the pages of this App and to interact with them.
If a service of this type is installed, it is possible that, even if Users do not use the service, it collects traffic data related to the pages on which it is installed.
Youtube Video Widget (Google Inc.)
Youtube is a video content viewing service operated by Google Inc. that allows this App to integrate said contents in its own pages.
Personal data collected: Cookies and Usage Information.
Data Controller and Data Supervisors.
The identification details of the Data Controller of the Company for the data processing of the concerned party (the list of Data Supervisors is available at the Data Controller's registered office) are as follows:
Tenuta di Castelfalfi SpA
loc. Castelfalfi snc
50050 Montaione (FI)
Address for exercising the rights pursuant to art. 7 of the Privacy Code and Articles from 12 to 22 of the EU REGULATION 679/16: RDP@castelfalfi.it (DPO)
Exercising of rights by the concerned party
At any time, the concerned party will have the possibility - with no need for formalities - to exercise his/her rights in relation to the current privacy legislation (also using the appropriate form for the request made available by the Guarantor on www.garanteprivacy.it), which is reported in full below. The exercise of these rights is not subjected to any formal constraint.